
International Journal of Trend in Research and Development Volume - 1(2)

Survey paper on Threshold Cryptography


Hetali Tank

Kinjal Shah

Computer Science and Engineering


Institute of Technology
Nirma University
Email: 13mcen35@nirmauni.ac.in

Computer Science and Engineering


Institute of Technology
Nirma University
Email: 13mcen33@nirmauni.ac.in

Abstract: The difficulty with a secret-key cryptosystem is sharing a key between sender and receiver. Authenticity is the major issue in this case, so the system may be vulnerable. This paper introduces the concept of threshold cryptography. Threshold cryptography has proved to be an effective technique for key distribution and management. Threshold cryptography allows one to share the power of a cryptosystem. It distinguishes itself by being non-interactive.

Keywords: Cryptography, cryptosystem, Secret key (private key), Authenticity, Signature.

I. INTRODUCTION

Traditionally, cryptography considers the case where there is one sender and one receiver. However, a lot of communication is between an individual and an organization. Moreover, in an organization many security-related actions are taken by a group of people instead of an individual. So in an organization there is a need to guarantee the authenticity of messages sent by a group of individuals to another group (or a person).

One often knows an organization and its public key, but not necessarily who works in this organization, let alone who has the power to sign in the name of the organization. So, to avoid the key management problem and to allow distribution of power, an organization should have one main public key instead of relying on many public keys. If the organization has one public key, the power to sign, i.e. to decrypt or to use a cryptosystem, should be shared to avoid abuse and to guarantee reliability. The goal of threshold cryptography is to make this possible in an electronic society.

II. DEFINITION

In cryptography, a cryptosystem is called a threshold cryptosystem if, in order to decrypt an encrypted message, a number of parties exceeding a threshold is required to cooperate in the decryption protocol. The message is encrypted using a public key, and the corresponding private key is shared among the participating parties.

Let n be the number of parties. Such a system is called (t,n)-threshold if at least t of these parties can efficiently decrypt the ciphertext, while fewer than t have no useful information. Similarly, it is possible to define a (t,n)-threshold signature scheme, where at least t parties are required for creating a signature.

III. EARLY ATTEMPTS

Shamir first argued that a company's secret key, used to digitally sign documents, should not be given to a single entity.

Consider, for example, a company that digitally signs all checks. If each executive is given a copy of the company's secret signature key, the system is convenient but easy to misuse. If the cooperation of all the company's executives is necessary in order to sign each check, the system is safe but inconvenient. The standard solution requires at least three signatures per check, and it is implemented with a (3,n) threshold scheme. Each executive is given a small magnetic card with one $D_i$ piece, and the company's signature-generating device accepts any three of them in order to generate a temporary copy of the signature key D.

But this solution suffers from many problems: the company's signature-generating device can leak the master key, modify the message being signed, or sign extra messages. So this solution is not very secure.

IV. BASIC SCHEMES

A cryptosystem corresponds to evaluating a function with two inputs. This function is written as

$F_{Key}(input) = G_{input}(Key)$

where F and G are functions. The function G is homomorphic, i.e.

$G_b(K_1 + K_2) = G_b(K_1) \, G_b(K_2)$

where b is the aforementioned input and $K_1$, $K_2$ belong to the key space.

Consider the ElGamal encryption scheme. The public key is (g, y, p), where g has large enough order, p is a large enough prime, $y = g^a \bmod p$, and a is the secret key. The ciphertext is $(c_1, c_2) = (g^k \bmod p,\; M y^k \bmod p)$, where $M \in Z_p$ is the message.

Encryption

Choose a value k in $Z_p$ and encrypt M:

$E_{(g,y,p)}(M) = (c_1, c_2) = (g^k \pmod p,\; M y^k \pmod p)$

Decryption

$D_{(a,p)}(c_1, c_2) = c_2 \, c_1^{-a} \pmod p = M y^k (g^k)^{-a} \pmod p = M (g^a)^k (g^{-ak}) \pmod p = M g^{ak} g^{-ak} \pmod p = M \pmod p$

Secret Sharing Scheme

(t, l) secret sharing schemes break up a secret (usually a private key) into l pieces. These pieces are distributed amongst l individuals. In order to recover the original secret, at least t individuals must cooperate. Thus t is the breaking point for the secret.

EXAMPLE:

We use the simple (2, l) scheme to perform threshold decryption of E(5). Given p = 17, g = 3, a = 4, M = 5, k = 2.

Encryption

$y = g^a \bmod p = 13$
$t_{1,2} = 7$
$t_{2,1} = a - t_{1,2} \bmod \varphi(p) = -3 = 13$
$c_1 = g^k \bmod p = 9$
$c_2 = M y^k \bmod p = 5 \cdot 13^2 \bmod 17 = 12$

$p = 17;\; g = 3;\; (c_1, c_2) = (9, 12)$
$B(1) = t_{1,2} = 7$
$B(2) = t_{2,1} = 13$

Decrypting the message

$G_{B(1)} = c_1^{-t_{1,2}} \bmod p = 9^{-7} \bmod 17 = 9$
$G_{B(2)} = c_1^{-t_{2,1}} \bmod p = 9^{-13} \bmod 17 = 15$
$G^{-ak} = G_{B(1)} \, G_{B(2)} \bmod p = 9 \cdot 15 \bmod 17 = 16$
$c_2 \, G^{-ak} = 12 \cdot 16 \bmod 17 = 5 = M$

M = 5, which agrees with what was actually sent as the original.

V. SOME RELATED ISSUES

1) Reliability

If one or more shareholders send a wrong partial result $g_{input}(share_i)$, the result will be wrong. If a public key system is used, one can use the public key to verify that the result is wrong. When the number of wrong partial results is small and a public key system is used, an exhaustive search will evidently find out who sent the wrong partial result. One can then recompute the result $g_{input}(key)$ ignoring the wrong partial results, provided one has at least t + e partial results, where e is the number of wrong cases.

2) Security Enhancement

No trusted dealer: By using this scheme a trusted dealer can be avoided.

Proactive security and its generalization: What happens when an outsider collects more shares than the threshold, i.e. shares are stolen? The solution that has been proposed to address this problem is to get new guaranteed-correct shares without relying on a trusted dealer and to keep the old public key as long as reasonably possible. The old shares should be destroyed, and the update should be done frequently enough, taking into account the power of the enemy who may collect shares.

Insiders Anonymity: An outsider may not be able to find out from $g_{input}(key)$ who was active in the computation without the help of an insider or the combiner. An insider can easily find out by seeing $g_{input}(share_i)$. Therefore there is a need to guarantee the anonymity of the insiders.

VI. SOME PROBLEMS

1) It is clear that secret sharing is a key point in the design of threshold cryptosystems. The optimization of the information rate, both for linear and general secret sharing schemes, is one of the questions that must be studied.

2) Another important problem is to find efficient ways to construct verifiable and proactive secret sharing schemes.

3) Whenever a group of users in a network needs to communicate securely among themselves, they must have a common cryptographic key. The distribution of these keys should be done jointly by several servers instead of using a single central server to this end.
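The (2, l) ElGamal threshold decryption of Section IV, reproduced with the paper's numbers and then generalized to a (t, n) Shamir sharing with Lagrange interpolation in the exponent. This is an added example, not code from the paper; the function names and the second parameter set (p = 23, q = 11, g = 2, a = 7, M = 9, k = 5) are constructed for illustration.

```python
import secrets
from itertools import combinations

def encrypt(g, y, p, m, k):
    """ElGamal: (c1, c2) = (g^k mod p, m * y^k mod p)."""
    return pow(g, k, p), m * pow(y, k, p) % p

def partial(c1, share, p):
    """A shareholder's partial result c1^(-share) mod p; the share itself is never sent."""
    return pow(c1, -share, p)

def shamir_split(a, t, n, q):
    """Party i gets f(i) for a random degree-(t-1) polynomial f over Z_q with f(0) = a."""
    coeffs = [a] + [secrets.randbelow(q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, j, q) for j, c in enumerate(coeffs)) % q
            for i in range(1, n + 1)}

def lagrange_at_zero(i, ids, q):
    """Coefficient of f(i) when interpolating f(0) from the points in ids (q prime)."""
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * -j % q, den * (i - j) % q
    return num * pow(den, -1, q) % q

def combine(c2, partials, p, q=None):
    """c2 * prod(partial_i^w_i) mod p; w_i = 1 for additive shares, Lagrange weight if q given."""
    m = c2
    for i, d in partials.items():
        w = 1 if q is None else lagrange_at_zero(i, list(partials), q)
        m = m * pow(d, w, p) % p
    return m

def paper_example():
    p, g, a, m, k = 17, 3, 4, 5, 2              # parameters from the paper's example
    c1, c2 = encrypt(g, pow(g, a, p), p, m, k)
    shares = {1: 7, 2: (a - 7) % (p - 1)}       # t_{1,2} = 7, t_{2,1} = 13
    parts = {i: partial(c1, s, p) for i, s in shares.items()}
    return (c1, c2), parts, combine(c2, parts, p)

def shamir_example(t=3, n=5):
    p, q, g, a, m, k = 23, 11, 2, 7, 9, 5       # constructed: g = 2 has prime order 11 mod 23
    c1, c2 = encrypt(g, pow(g, a, p), p, m, k)
    shares = shamir_split(a, t, n, q)
    return [combine(c2, {i: partial(c1, shares[i], p) for i in ids}, p, q)
            for ids in combinations(shares, t)]  # every t-subset of the n parties

if __name__ == "__main__":
    print(paper_example(), shamir_example())
```

In both variants the combiner only ever sees the partial results, never the shares or the key a; the Shamir variant needs g to generate a subgroup of prime order q so that the Lagrange denominators are invertible.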

VII. CONCLUSION

Threshold cryptography allows one to share the power of a cryptosystem. It distinguishes itself from secure distributed computation by being non-interactive. In threshold cryptography we can require that a group of any size act in order to encrypt/decrypt.

IJTRD | Nov-Dec 2014


Available Online@ www.ijtrd.com
